🧹 chore: remove client secret from msft oauth token request

backend/config/oauth_microsoft.go

@@ -13,8 +13,7 @@ type MicrosoftOAuthSettings struct {
 }
 
 type intermediateMicrosoftOAuthSetting struct {
-	Key    string `env:"KEY"`
-	Secret string `env:"SECRET"`
+	Key string `env:"KEY"`
 }
 
 func (i *intermediateMicrosoftOAuthSetting) into() (*MicrosoftOAuthSettings, error) {
@@ -23,14 +22,8 @@ func (i *intermediateMicrosoftOAuthSetting) into() (*MicrosoftOAuthSettings, err
 		return nil, err
 	}
 
-	secretSecret, err := m.NewSecret(i.Secret)
-	if err != nil {
-		return nil, err
-	}
-
 	return &MicrosoftOAuthSettings{
 		Key:    secretKey,
-		Secret: secretSecret,
 		Tenant: tenantID,
 	}, nil
 }

backend/integrations/oauth/soth/msft/msft.go

@@ -31,10 +31,9 @@ var defaultScopes = []string{"openid", "offline_access", "user.read", "calendars
 // New creates a new microsoftonline Provider, and sets up important connection details.
 // You should always call `msft.New` to get a new Provider. Never try to create
 // one manually.
-func New(clientKey *m.Secret[string], secret *m.Secret[string], callbackURL string, tenant string, scopes ...string) *Provider {
+func New(clientKey *m.Secret[string], callbackURL string, tenant string, scopes ...string) *Provider {
 	p := &Provider{
 		ClientKey:    clientKey,
-		Secret:       secret,
 		CallbackURL:  callbackURL,
 		ProviderName: "microsoftonline",
 		tenant:       tenant,
@@ -47,7 +46,6 @@ func New(clientKey *m.Secret[string], secret *m.Secret[string], callbackURL stri
 // Provider is the implementation of `soth.Provider` for accessing microsoftonline.
 type Provider struct {
 	ClientKey    *m.Secret[string]
-	Secret       *m.Secret[string]
 	CallbackURL  string
 	config       *oauth2.Config
 	ProviderName string
@@ -138,9 +136,8 @@ func newConfig(provider *Provider, scopes []string) *oauth2.Config {
 	}
 
 	c := &oauth2.Config{
-		ClientID:     provider.ClientKey.Expose(),
-		ClientSecret: provider.Secret.Expose(),
-		RedirectURL:  provider.CallbackURL,
+		ClientID:    provider.ClientKey.Expose(),
+		RedirectURL: provider.CallbackURL,
 		Endpoint: oauth2.Endpoint{
 			AuthURL:  authURL,
 			TokenURL: tokenURL,

backend/server/server.go

@@ -58,7 +58,7 @@ func Init(db *gorm.DB, stores *store.Stores, integrations integrations.Integrati
 
 	applicationURL := settings.Application.ApplicationURL()
 
-	msftProvider := msft.New(settings.Microsft.Key, settings.Microsft.Secret, fmt.Sprintf("%s/api/v1/auth/microsoftonline/callback", applicationURL), settings.Microsft.Tenant)
+	msftProvider := msft.New(settings.Microsft.Key, fmt.Sprintf("%s/api/v1/auth/microsoftonline/callback", applicationURL), settings.Microsft.Tenant)
 	googProvider := goog.New(settings.Google.Key, settings.Google.Secret, fmt.Sprintf("%s/api/v1/auth/google/callback", applicationURL))
 
 	authMiddleware := authMiddleware.New(

config/.env.template

@@ -50,6 +50,5 @@ SAC_GOOGLE_OAUTH_SECRET=GOOGLE_OAUTH_CLIENT_SECRET
 SAC_GOOGLE_API_KEY=GOOGLE_API_KEY
 
 SAC_MICROSOFT_OAUTH_KEY=test
-SAC_MICROSOFT_OAUTH_SECRET=test
 
 SAC_SEARCH_URI="http://127.0.0.1:9200"